Archive for the 'Anti-virus Firewalls and Malware' Category

NOD32 Antivirus v3.0 Firewall error

“Failed to read firewall configuration”

Getting this error when you run v3.x of NOD32 Antivirus? I was, and it was tricky finding a solution. Here is what worked.

The Cause

I had installed NOD32 Security Suite by mistake. I uninstalled the Security Suite, restarted the computer, and then installed the Antivirus. Upon system startup NOD32 AV would give the “Failed to read firewall configuration” error. If I tried to go into the Setup it would also give the “Failed to read firewall configuration” error. I uninstalled, reinstalled, did repair installs, etc., and nothing got rid of this.

Hunting through the registry I found that NOD32 Security Suite had not uninstalled completely and had left a lot of data in the registry. Here are the steps I went through to fix this error:

  1. Uninstall NOD32 Antivirus.
  2. Reboot.
  3. Delete the folders at these locations:

    C:\Documents and Settings\YOURUSERNAME\Application Data\ESET
    C:\Documents and Settings\ALL USERS\Application Data\ESET

  4. Check your network connection properties (usually Local Area Connection if you are on a LAN). Look to see if NOD32 Firewall is listed under “This connection uses the following items” on the General tab. Uninstall it if it is.
  5. Reboot. Reinstall NOD32. See if it works now.
  6. If it still does not work, then the final resort is the following steps.
  7. Uninstall NOD32 again.
  8. Get a good registry editing tool (perhaps a free one or one that gives a fully functional trial), back up your registry, save a system restore point, and then delete all lines in the registry that have “ESET” in them and which have “EPFW” [upper and lower case] (stands for “eset personal firewall”) in them. I deleted perhaps a hundred or more. I did not find any with “epfw” in them which were not Eset Firewall related. But you might, so check what you are deleting first.
  9. Look for files in c:\windows\system32\drivers which have epfw at the beginning of the filename. There might be three or four. Delete them.

That should fix it.
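Before step 8 deletes anything, it helps to see what a registry export actually contains. The following script, added here and not part of the original post, scans a .reg export for the “ESET” and “EPFW” markers the post names and lists the matching keys and values for review; the sample export and every key and file name in it are constructed placeholders, not real ESET entries.

```python
"""Audit a registry export (.reg file) for leftover ESET / EPFW entries.

Added example, not from the original post. Export the hives first
(regedit -> File -> Export, or `reg export HKLM hklm.reg`), then run this
over the export to see exactly which keys mention ESET or EPFW before
deleting anything, as the post advises. Every path below is constructed.
"""

# Substrings the post says to look for; matching is case-insensitive.
MARKERS = ("eset", "epfw")

# Constructed sample in .reg export syntax (not a real export; names are
# placeholders, not real ESET key or driver names).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epfwsample]
"ImagePath"="system32\\drivers\\epfwsample.sys"
"Start"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Unrelated]
"InstallDir"="C:\\Program Files\\Example"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}]
@="ESET Personal Firewall Shell Extension"
"""


def find_leftovers(reg_text, markers=MARKERS):
    """Return {key_path: [matching value lines]} for every key whose path,
    value name or value data contains one of the markers (case-insensitive).
    A key whose path matches but whose values do not maps to an empty list."""
    hits = {}
    current_key = None
    for line in reg_text.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            if any(m in current_key.lower() for m in markers):
                hits.setdefault(current_key, [])
        elif current_key and any(m in line.lower() for m in markers):
            hits.setdefault(current_key, []).append(line)
    return hits


if __name__ == "__main__":
    for key, lines in find_leftovers(SAMPLE_REG).items():
        print(key)
        for value_line in lines:
            print("    " + value_line)
```

Unrelated keys (the `Example\Unrelated` entry in the sample) are never reported, so the output is exactly the list to double-check against step 8 before deleting.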


HOWTO: Secure Windows XP

Here’s a web page with great information on how to make sure your PC is secure against viruses, malware, adware, and other nasties. If you want step-by-step instructions on how to secure your PC this page is what you’re looking for.

Check it out at: Secure XP

A Guide to Producing a Secure Configuration for Outpost - Outpost Firewall User’s Support Forum

Outpost Firewall is the one I have been using for a couple of years now. If you also use Outpost then it is important to make sure you have the configuration that suits your needs whilst also providing as much security as possible. There is a great guide on the Outpost forum covering all the key areas of concern. If you’re an Outpost user wishing to configure Outpost well, check this forum message out…


Firewall leak tester

The following site provides a lot of useful information, tips, and tools regarding PC security. If you wish to learn more about how to secure your PC from malware and intrusion over the Internet I suggest you check it out.

It’s over at: http://www.firewallleaktester.com/index.html

Microsoft OneCare Fails

I am not sure how Microsoft manage to do it. It’s just one of those ongoing mysteries in this world of ours…

Microsoft is one of the largest companies in the world, with more money and technical resources than any other software developer in Earthly existence, and yet they consistently fail to turn out software that does what one would expect it to do (and without doing all sorts of crap one would not expect nor want it to do). Microsoft are preparing to launch their first attempt at a full firewall product called OneCare. It would seem that OneCare is more than one step away from caring enough to be worth using as a firewall system. I refer to the following media release from Agnitum, the highly respected makers of Outpost Firewall (a product I’ve been using for a few years now).

Concern expressed over low level of customer protection provided

28 JUNE 2006, ST.PETERSBURG, RUSSIA - SAN JOSE, CALIFORNIA. The firewall security experts at Agnitum, developers of the widely-acclaimed Outpost Firewall product family, have conducted an in-depth analysis of Microsoft’s new OneCare Firewall, part of Microsoft’s “Live” security initiative. The results are so far below industry standards that the company felt obliged to share the results of its analysis with the public.

Highlights of the report include the following:

  • The OneCare firewall failed all but the simplest leak tests and does not offer even the most basic intrusion detection capability, leaving users’ PCs wide open to being hijacked into a botnet

  • The OneCare firewall database of pre-approved applications is very small, and adding each new application requires several user interactions and a reboot

  • Application access rules are limited to ‘allowed’ and ‘not allowed’ - users cannot configure different rules for different types or times of usage, such as allowing IE to connect with some but not all websites

  • Similar limitations apply to network file access and remote desktop operations

  • The Windows Defender anti-spyware component of OneCare imposes significant delays on program execution, and is updated on a separate schedule from other OneCare components

Agnitum engineers also found compatibility issues with OneCare - but not the ones they had expected. Before installing the software, they already had a firewall running, as would most people. OneCare did not request the de-installation of any existing firewall, so Outpost Firewall Pro was left in place. OneCare worked smoothly alongside Outpost Firewall Pro - so smoothly that Outpost was the first to monitor the system, ask questions and protect the user, not OneCare.

The full analysis can be found on the Agnitum website at http://www.agnitum.com/r/firewall/onecare/

“Microsoft has tried to create software for novice users, making it very limited in settings and customization. The problem is, they’ve gone too far. OneCare is too simple. Yes, it’s easy to use. But unfortunately, it doesn’t provide much protection,” says Alexey Belkin, Chief Software Architect at Agnitum. “This ‘one product for everyone’ attempt is likely to end up being ‘one product for no one.’ The product itself looks like it was designed as a mandatory part of the operating system, and that is simply shortchanging users who haven’t yet decided what security solution to invest in.”

The business community worldwide, as well as the firewall security vendor community, has reacted swiftly to the appearance of this new player, not only from a technology perspective but also from the point of view of Microsoft’s business practices. Reactions concerning “predatory pricing” (first discussed by Sunbelt president Alex Eckelberry in his blog http://sunbeltblog.blogspot.com/2006/06/microsoft-practices-predatory-pricing.html) are arising, primarily that Microsoft is setting artificially low prices. But “cheap” doesn’t equal “good value,” as can be seen in the Agnitum analysis of the OneCare firewall.

“No one is underestimating the potential impact of Microsoft entering the Internet Security market, but at Agnitum we are seeing this development having more positive than negative effects,” says Mikhail Penkovsky, Global VP of Sales & Marketing at Agnitum. “The updating of the Windows Firewall in Vista makes a clear statement that the personal firewall is a must-have; Outpost and other third-party firewalls will still be there for customers when they realize - as many will - that the protection provided by OneCare is extremely limited. Our key distributors and resellers are in full agreement that OneCare is nice to look at but that’s pretty much all there is to it.”

About Agnitum ltd.

Founded in 1999, Agnitum (www.agnitum.com) is committed to delivering and supporting high quality security software products. The company’s headline products are Outpost Firewall Pro, securing personal and family computers, and Outpost Network Security, ensuring reliable endpoint protection and performance for small business networks. Agnitum firewall technology is licensed by Novell, Sophos, and Lavasoft.

Anti-virus malware product comparison

In the post Online Malware Virus Scan we took a look at how different anti-virus products pick up on different infections, and how you can’t ultimately trust any one product when it gives you a “clean” result. So how does one determine which anti-virus product is the best and how one anti-virus product compares to another? There is a way…

Take a look at the Anti-virus Product Comparison at av-comparatives.org.

They put all the major anti-virus products through the test-mill every few months and publish the results online.

Online Malware / Virus Scan

Not all malware / virus scanners are the same—that’s for sure. Each will pick up on different viruses and malware depending on a whole host of factors. So how can you be sure that your anti-virus program has given you an accurate analysis of the suspicious file you’ve just scanned and determined to be “clean”?

Here’s an example of what I mean.
I use NOD32 on my laptop. The latest definitions are installed.
Today I scanned a file I knew was infected with malware. NOD32 said it was clean. I thought, “Hmmm… that’s odd”.
I took the file to an online scanner that runs it through 15 different scan systems. It came up as infected on 7 of them, and clean on the remaining 8.

The moral of the story? Each scanner is only as good as the definitions being fed into it, and different scanners are updated with new definitions at different times and at different rates. Therefore, if you have a file that you know may be infected (such as any executable you download from the internet from anything other than the most reputable websites), don’t rely on your malware scanner if it says “File clean”.

The best site I know of for online scanning of individual files is located at http://virusscan.jotti.org/

My results were as follows:

Online malware scan

File: earth_keygen.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file’s scan results will not be stored in the database)
MD5: 9c7bfe25c63ddb4a2bdc61c5b8175263
Packers detected:

Scanner results

AntiVir                Found Trojan/Drop.Microjoin.BX
ArcaVir                Found nothing
Avast                  Found nothing
AVG Antivirus          Found Dropper.Generic.FTB
BitDefender            Found nothing
ClamAV                 Found nothing
Dr.Web                 Found Trojan.Mezzia
F-Prot Antivirus       Found nothing
Fortinet               Found W32/Agent.APH!tr
Kaspersky Anti-Virus   Found Trojan-Dropper.Win32.Microjoin.bx
NOD32                  Found nothing
Norman Virus Control   Found nothing
UNA                    Found nothing
VirusBuster            Found Trojan.DR.Microjoin.BI
VBA32                  Found Trojan-Dropper.Win32.Microjoin.bx
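As an added example (not from the original post or from Jotti), the script below parses a result block in the layout shown above, counts the engines that flagged the file versus those reporting “nothing”, and lists which engines converged on the same family name; the “scanner, two spaces, Found verdict” line format it assumes is the one visible above, not a documented Jotti interface.

```python
"""Parse a Jotti-style "Scanner results" block and summarise how many engines
flagged the file and which ones agree on a family. Added example, not from the
original post or from Jotti: REPORT re-types the post's own result list as a
constructed sample, and the "<scanner>  Found <verdict>" line format is an
assumption, not a documented Jotti API."""
import re

REPORT = """\
AntiVir                Found Trojan/Drop.Microjoin.BX
ArcaVir                Found nothing
Avast                  Found nothing
AVG Antivirus          Found Dropper.Generic.FTB
BitDefender            Found nothing
ClamAV                 Found nothing
Dr.Web                 Found Trojan.Mezzia
F-Prot Antivirus       Found nothing
Fortinet               Found W32/Agent.APH!tr
Kaspersky Anti-Virus   Found Trojan-Dropper.Win32.Microjoin.bx
NOD32                  Found nothing
Norman Virus Control   Found nothing
UNA                    Found nothing
VirusBuster            Found Trojan.DR.Microjoin.BI
VBA32                  Found Trojan-Dropper.Win32.Microjoin.bx
"""

LINE = re.compile(r"^(?P<scanner>.+?)\s{2,}Found (?P<verdict>.+)$")  # name, gap, verdict


def parse_report(text):
    """Map scanner name -> detection name, or None when it found nothing."""
    results = {}
    for line in text.splitlines():
        m = LINE.match(line.rstrip())
        if m:   # header and blank lines simply do not match
            verdict = m.group("verdict")
            results[m.group("scanner")] = None if verdict == "nothing" else verdict
    return results


def summarise(results):
    """Status (a single detection is enough) and which engines flagged or cleared it."""
    flagged = [s for s, v in results.items() if v is not None]
    clean = [s for s, v in results.items() if v is None]
    return {"status": "INFECTED/MALWARE" if flagged else "CLEAN", "flagged": flagged, "clean": clean}


def agreeing(results, token):
    """Engines whose detection name contains token, i.e. engines that converged on one family."""
    return [s for s, v in results.items() if v and token.lower() in v.lower()]
```

Run on the block above it reports 7 engines flagged and 8 clean (NOD32 among them), and four independent engines naming a Microjoin dropper, which is the cross-check a single “File clean” verdict cannot give you.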

Free Malware Prevention / Removal

There are many free applications, not specifically anti-virus programs, that help in the detection, prevention, and removal of most forms of malware. Most major anti-virus providers are closing the gap between fighting viruses and fighting other malware (malicious software) by incorporating malware detection/prevention/removal (DPR) into their anti-virus applications. I don’t presently think that gap has been completely closed, because some of the anti-malware apps out there have had many years of development, whilst AV suppliers have only relatively recently begun building malware detection into their AV apps.

So, what are the options for free malware DPR? There are many, and users should be aware that numerous anti-malware apps available on the internet are in fact malware themselves. This article is in addition to the many applications I have listed on the Trojan & Malware removal page.

  • Microsoft Defender: One strong contender is the freely available Defender program from Microsoft. Check it out here.
  • JavaCool SpywareBlaster: SpywareBlaster can help keep your system spyware-free and secure, without interfering with the “good side” of the web.
    Get it here
  • JavaCool SpywareGuard: provides a real-time protection solution against spyware that is a great addition to SpywareBlaster’s protection method.
    An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard.
    SpywareGuard now also features Download Protection and Browser Hijacking Protection!

    Get it here
  • Spybot Search & Destroy: go here
    I’ve been using this application for some time now and find it useful.
  • Lavasoft Adaware (free version): Check it out here
    Adaware has been on the scene for a long time and has a sound reputation in the malware detection arena. It is worth having a look at.
  • NoAdware: download it from here

If you plan on buying an anti-virus application suite I suggest selecting one that includes comprehensive malware detection (trojans, adware, spybots, and other malware).

A-Squared: Another application I have recently come across and found effective at detecting and removing malware from a client’s computer was A2 or A-Squared from Emsi Soft. They have a free version and a more comprehensive licensed version. I used the free one and found it to be of value. Check it out here (http://www.emsisoft.com/en/)

Other Prevention Tips

This next point is going to seem like a bit of a contradiction. What I am going to say is that a lot of spyware makes its way onto people’s computers through installing free software, yet here I am giving directions to install all sorts of free software!!

So what’s the story?

Well, basically, if you are going to install free software it is important to do a bit of a background check on it first to make sure it has a reputation for being clean. One way is to only download free applications from sites (like Softseek.com) that certify that all the downloads they make available are malware-free. The other way is to do a search on Google with the name of the application you are considering along with words like “malware”, “adware”, and “spyware”. So your search phrase might look like “[app name] malware adware”; see what comes up.

If you have the latest versions of the various prevention and guard tools I have talked about and the latest signature files, then you should be able to scan the installation file you have downloaded for any given application to see if it has any known nasties in it. If you have real-time protection in place (such as the above-mentioned JavaCool SpywareGuard) then that should in most cases detect spyware trying to install itself when you install a new application you’ve downloaded from the internet.

Further information:

The info at this Wilders Security Forum page provides some good tips and tricks. Many of these tips relate to Internet Explorer, which is a browser I do not recommend using (partly because there are so many things you must do to it to make it secure). I recommend Firefox—nicer to use, more secure, free, and it’s not made by Microsoft.
